By Max Dorfman, research writer, Triple-I (2022-04-27)
A recent study by IBM and the Ponemon Institute quantifies the rising cost of data breaches when workers moved to remote environments during the coronavirus pandemic.
According to the report, an average data breach in 2021cost $ 4.24 million – up from $ 3.86 million in 2020. Where telework was a factor that caused the breach, the cost increased by $ 1.07 million. In organizations with 81-100 percent of employees working remotely, the total average cost was $ 5.54 million.
To combat the risks associated with the emergence of teleworking, the study highlights the importance of artificial intelligence (AI) and fully deployed automation – a process that enables security technicians to complement or replace human intervention in the identification and containment of incidents and intrusions.
In fact, organizations with fully deployed security AI / automation saw the average cost of a data breach decrease to $ 2.90 million. The duration of the intrusion was also significantly lower, taking an average of 184 days to identify the intrusion and 63 days to limit the intrusion, as opposed to an average of 239 days to identify the intrusion and 85 days to limit the violation for organizations without these technologies.
Organizations continue to struggle with intrusion
During 2021 and 2022, several high-profile data breaches illustrated the major risks posed by cyber attacks. This includes an attack on 483 users’ wallets in January 2022 on Crypto.com, resulting in the loss of $ 18 million in Bitcoin and $ 15 million in Ethereum and other cryptocurrencies.
In February, the International Committee of the Red Cross (ICRC) became the target of a cyberattack that resulted in hackers gaining access to personal information of more than 515,000 people through a humanitarian program, in which intruders maintained access to ICRC servers for 70 days after that. initial crime.
And in April, an SEC report revealed that the company that owns the Cash App, Block, had been hacked by a former employee in December 2021. This leak included customers’ names, broker account numbers, portfolio value and stock trading activity in over 8 million US users.
Insurance companies play a key role in helping organizations
The increasing frequency and severity of cyberattacks has led more organizations to buy cyber insurance, with 47 percent of insurance customers using this coverage by 2020, up from 26 percent in 2016, according to the US Government Accountability Office. This change includes insurance companies that offer more insurance that is specific to cyber risk, instead of including this risk in packages with other coverage.
The insurance industry offers first-party protection – which usually provides financial support to help an insured company with recovery costs, as well as cybersecurity liability, which protects a company if a third party files a lawsuit against the policyholder for damages resulting from a cyber incident.
A third option, coverage of technical errors and omissions, can protect small businesses that offer technical services when cybersecurity insurance does not offer coverage. This type of coverage is triggered if a company’s product or service results in a cyber incident involving a third party directly.
Nevertheless, the primary focus for organizations that want to defend themselves against cyber attacks is to implement a rigorous cyber defense system.